
List:       proftpd-users
Subject:    [Proftpd-user] Proftpd and between user switch
From:       Egoitz Aurrekoetxea <egoitz () ramattack ! net>
Date:       2009-01-03 14:20:07
Message-ID: 495F7417.2040403 () ramattack ! net

Hi all!!!

I'm going to install a new proftpd+mysql machine. I have seen some 
proftpd servers which have all mysql users but with the same uid and gid, 
and that uid and gid match some uid/gid existing in the passwd and 
group files. I have been looking at proftpd's behaviour and have seen that 
proftpd listens as nobody (the user set in proftpd.conf) and when a user 
logs on it creates a child with uid and gid the uid/gid of the logged in 
user (uid/gid listed in mysql ftpuser table for the logged user). Some 
howtos use the same uid/gid for all mysql users... but I think this 
could be insecure... because if perhaps someday a bug appears any user 
could modify any user's files.... so I have thought to assign a unique 
uid/gid in ftpusers table for each mysql user (and to create a group 
with that gid in ftpgroup table)... obviously this uid/gid won't match 
with any uid/gid of any user in passwd or group of group file. Is this 
OK? I think if you set in proftpd.conf that all files to be 750 or 755 
for example well if some user can go to other user home (because of a 
bug) at least they can't write to that homedir... am I wrong? (if this is OK 
perhaps I'll apply a 750 because this way other users can't see other 
users' files... just their files). My question is... is this OK or 
could this idea run into troubles of any kind?

Thanks a lot mates!!

Bye!!!
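
An audit of the uid/gid layout the message proposes, as an added example that is not part of the original post: it flags virtual FTP accounts that share a uid or gid and ids that collide with entries in the system passwd or group file. The table and column names (`ftpuser`, `userid`, `uid`, `gid`) are assumptions, an in-memory SQLite database stands in for MySQL, and all sample rows and passwd/group lines are constructed.

```python
import sqlite3
from collections import defaultdict

# Constructed sample data. Table/column names are assumptions, not from the post.
USERS = [("alice", 5001, 5001), ("bob", 5002, 5002),
         ("carol", 5002, 5002),   # shares bob's uid/gid
         ("dave", 33, 5004)]      # uid collides with a system account
PASSWD = "root:x:0:0:root:/root:/bin/sh\nwww-data:x:33:33::/var/www:/usr/sbin/nologin\n"
GROUP = "root:x:0:\nwww-data:x:33:\n"

def make_db(rows):
    """In-memory SQLite stand-in for the MySQL ftpuser table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ftpuser (userid TEXT PRIMARY KEY, uid INTEGER, gid INTEGER)")
    conn.executemany("INSERT INTO ftpuser VALUES (?, ?, ?)", rows)
    return conn

def parse_ids(text):
    """Map numeric id -> name; field 3 is the uid in passwd and the gid in group."""
    ids = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) > 2 and parts[2].isdigit():
            ids[int(parts[2])] = parts[0]
    return ids

def audit(conn, passwd_text, group_text):
    """Return (kind, accounts, detail) tuples for ids that break per-user isolation."""
    system = {"uid": parse_ids(passwd_text), "gid": parse_ids(group_text)}
    seen = {"uid": defaultdict(list), "gid": defaultdict(list)}
    findings = []
    rows = conn.execute("SELECT userid, uid, gid FROM ftpuser ORDER BY userid")
    for name, uid, gid in rows:
        for kind, value in (("uid", uid), ("gid", gid)):
            seen[kind][value].append(name)
            if value in system[kind]:
                findings.append((f"system-{kind}", name,
                                 f"{kind} {value} belongs to {system[kind][value]}"))
    for kind in ("uid", "gid"):
        for value, names in sorted(seen[kind].items()):
            if len(names) > 1:
                findings.append((f"shared-{kind}", ",".join(names), f"{kind} {value}"))
    return findings

if __name__ == "__main__":
    for finding in audit(make_db(USERS), PASSWD, GROUP):
        print(*finding, sep="\t")
```

An empty result means every virtual account has its own uid and gid and none of them maps onto a local system account.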
